Blog Posts Tagged with "Login"


Convenience Comes at a Steep Price: Password Management Systems & SSO

July 12, 2017 Added by: Alexandre Cagnoni

Many consumers and businesses are flocking to the mirage of safety offered by password management firms, which are only as strong as their weakest link (often humans).



Recovering Login Sessions, Loaded Drivers, and Command History with Volatility

September 18, 2012 Added by: Michael Ligh

Learn about the undocumented Windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...



Illinois Bars Employers from Obtaining Social Media Credentials

August 20, 2012 Added by: David Navetta

Although privacy advocates and federal regulators and legislators have primarily been focusing on consumer privacy issues, such as behavioral advertising and data mining, the significant changes in workplace privacy protections demand continued vigilance from employers...



Yahoo and Billabong Password Dumps Analyzed

July 19, 2012 Added by: Dan Dieterle

Wow, not one, but two massive password dumps in one day. Hackers leaked a very large number of Billabong and Yahoo passwords in plain text with no need to try to crack them. We looked at the passwords using the analysis tool Pipa, and here is what we found...



LinkedIn: Vulnerability in the Authentication Process

May 22, 2012 Added by: Plagiarist Paganini

This attack is possible due to an error in validating the security token (CSRF token) that allows an unlimited number of requests using the same token for different users. The only mechanism against the attack is a CAPTCHA challenge-response test after dozens of attempts...



Treat Passwords Like Cash

May 14, 2012 Added by: Danny Lieberman

Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems and sites, it’s impossible to maintain a strong password policy without making some compromises...



Hackers Post Thousands of Twitter Account Logins

May 09, 2012 Added by: Headlines

Analysis of the data dump indicates that of the fifty-five thousand sets of account logins, around twenty thousand were duplicates, and a large percentage were associated with accounts that were already suspended for violations of terms of service...



Social Media Security 101

April 24, 2012 Added by: Joel Harding

EVERYTHING is compromised. Every web site, every database, every place that touches the web – I assume this at all times. There is not one among us whose network has not been compromised. The security mantra in the past was “Risk Avoidance”. That is no longer the case...



Disagreement on Password Vault Software Findings

April 12, 2012 Added by: Brent Huston

Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...



The Top Forty Banks Targeted by the SpyEye Trojan

March 21, 2012 Added by: Headlines

Researchers from F-Secure released a list of the top forty banks targeted by SpyEye, one of the more powerful data-sniffing Trojans ever developed. The release of the SpyEye source code last year meant a dramatic increase in its application became a very real scenario...



Twitter Finally Enables HTTPS as a Default Setting

February 14, 2012 Added by: Headlines

Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...



How to Recover a Hacked Facebook Account

December 02, 2011 Added by: Robert Siciliano

At least weekly, some stressed-out victim of a Facebook hack, a.k.a. “account takeover”, contacts me to help them get their account back in order. While I do have a connection or two at Facebook, the victim of the hack is in the best position to fix it themselves...



Sony Networks Compromised with Brute-Force Attack

October 12, 2011 Added by: Headlines

Sony Corporation have yet again been breached, compromising 60,000 PlayStation and 33,000 Online Entertainment accounts. The source of the attack is unknown, but reports indicate that the infiltrators used login credentials from an unnamed third party to gain access to the systems...



Who's Logged In? A Quick Way to Pick Your Targets

October 04, 2011 Added by: Rob Fuller

Say you need to get your bearings quickly on an internal test, and going into each shell and doing a PS, then looking through the list for all the users logged in, is definitely not ideal. I wrote a quick script that you can throw in the Meterpreter scripts folder to aid you a bit with this...



Usernames and Passwords Are Facilitating Fraud

September 30, 2011 Added by: Robert Siciliano

Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...



Consumers Still Prefer Convenience Over Security

August 24, 2011 Added by: Headlines

"Any change to the way a customer accesses their account is going to take a while to get used to. But this small extra step delivers such an increase in security to our internet banking users, that we are confident we have got the balance right," an HSBC official said...

